f3adventure

  1. My computer appears to be fixed! Thank you very much! I followed your last set of instructions and had ComboFix uninstall itself. I got rid of Sophos anti-virus so I am only running one program again.
  2. Hi- Here are the results from the Kaspersky Online Scanner. Thanks!
  3. I re-downloaded ComboFix and it started just fine this time after I dragged the cfscript into it. ComboFix did say that it needed to upload info for further review. I went ahead and allowed it but I thought it was a little strange. Below is the log I received after it ran.
  4. Ok, I made the CFScript and dragged it into ComboFix. A warning popped up saying that ComboFix may have been compromised and infected with a Virut. I clicked OK to continue, and then ComboFix vanished. It stopped running and is no longer on my desktop. Do I need to re-download it? Thank you for your help!
  5. Hi, I ended up running ComboFix in safe mode. I was not able to shut down AVG or Sophos in safe mode... I tried but it wouldn't work and my frustration got the best of me so I ran ComboFix anyway. I have pasted the log file that it produced.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\FerretSoft\\WebFerret\\WebFerret.exe"= "c:\\WINDOWS\\system32\\wuauclt.exe"= "c:\\WINDOWS\\system32\\winlogon.exe"= "c:\\WINDOWS\\explorer.exe"= "c:\\WINDOWS\\system32\\lsass.exe"= R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [4/24/2009 4:01 PM 12384] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/8/2009 6:22 PM 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/8/2009 6:22 PM 108552] R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [10/12/2009 8:21 PM 110848] R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [10/12/2009 8:21 PM 38528] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/8/2009 6:21 PM 297752] R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [6/2/2009 9:29 AM 80936] R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [6/2/2009 9:29 AM 98304] R3 ENDETECT;ENDETECT;c:\progra~1\FRONTI~1\FRONTI~1\app\ENDETECT.SYS [12/27/2005 8:03 PM 7752] R3 TAPBIND;TAPBIND;c:\progra~1\FRONTI~1\FRONTI~1\app\TAPBIND1.SYS [12/27/2005 8:03 PM 47136] S3 L2XPSR;L2XPSR;\??\c:\progra~1\FRONTI~1\FRONTI~1\app\L2XPSR.SYS --> c:\progra~1\FRONTI~1\FRONTI~1\app\L2XPSR.SYS [?] S3 NTSTPL1;NTSTPL1;\??\c:\progra~1\FRONTI~1\FRONTI~1\app\NTSTPL1.SYS --> c:\progra~1\FRONTI~1\FRONTI~1\app\NTSTPL1.SYS [?] 
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [10/12/2009 8:21 PM 14976] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder 2009-11-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20] 2009-11-07 c:\windows\Tasks\Default Scan 8 PM (Mon, Wed, Fri, Sun).job - c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2009-06-02 15:29] 2009-11-07 c:\windows\Tasks\User_Feed_Synchronization-{FF8DC490-F4BA-4B56-9F6D-7A8C10EC5C6F}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 23:36] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uDefault_Page_URL = hxxp://www.dell4me.com/myway uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mDefault_Search_URL = hxxp://www.google.com/ie mSearch Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway uSearchAssistant = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! 
&SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm Trusted Zone: musicmatch.com\online FF - ProfilePath - c:\documents and settings\Kelly\Application Data\Mozilla\Firefox\Profiles\pzcyc0g1.default\ FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . - - - - ORPHANS REMOVED - - - - BHO-{b4f46675-3361-43e3-8447-ea3fd031c1cf} - tifozoho.dll WebBrowser-{472734EA-242A-422B-ADF8-83D1E48CC825} - (no file) HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe HKCU-Run-system tool - c:\program files\kxdetq\bgwhsysguard.exe HKLM-Run-system tool - c:\program files\kxdetq\bgwhsysguard.exe HKLM-Run-torigided - c:\windows\system32\gagekije.dll HKLM-Run-saradamode - sonewogi.dll SharedTaskScheduler-{dc6419dd-c802-4ca1-b5ec-6d3d07619b41} - c:\windows\system32\nuramayi.dll SharedTaskScheduler-{ce2165d1-1384-4553-9f08-5ea88c62aa7c} - c:\windows\system32\gotaruge.dll SharedTaskScheduler-{78cf92b9-e99f-40de-b4e2-dbec60b6c92a} - c:\windows\system32\pofuzema.dll SharedTaskScheduler-{a91e0fec-2ba3-4f9b-8405-bec147e2c8ea} - c:\windows\system32\pofuzema.dll SharedTaskScheduler-{1a720de7-d4a1-4390-899d-2a0118f9ca90} - c:\windows\system32\gotasura.dll SharedTaskScheduler-{8000d79e-ca39-400d-868e-a51a0708ac75} - c:\windows\system32\gagekije.dll SSODL-dihevepif-{dc6419dd-c802-4ca1-b5ec-6d3d07619b41} - c:\windows\system32\nuramayi.dll 
SSODL-keruzuzuz-{ce2165d1-1384-4553-9f08-5ea88c62aa7c} - c:\windows\system32\gotaruge.dll SSODL-wabohupig-{78cf92b9-e99f-40de-b4e2-dbec60b6c92a} - c:\windows\system32\pofuzema.dll SSODL-lekerobeb-{a91e0fec-2ba3-4f9b-8405-bec147e2c8ea} - c:\windows\system32\pofuzema.dll SSODL-bawudadaf-{1a720de7-d4a1-4390-899d-2a0118f9ca90} - c:\windows\system32\gotasura.dll SSODL-liluvobam-{8000d79e-ca39-400d-868e-a51a0708ac75} - c:\windows\system32\gagekije.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-07 10:50 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1361655599-2020972564-4176150641-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**a"
  6. Can I run Combofix in safe mode? (I'm betting no) Currently safe mode is the only way I can make my computer work. When I try normal mode, my computer gets over-loaded with pop-ups until it chokes and freezes. I don't know what else to do. Thanks again for trying to help me solve this problem... it is very frustrating!
  7. Hi, I found and deleted the rules.ref file. Then I double clicked the explorer file which said it needed to update. It appeared to update successfully. I still received the error message so I tried downloading the other file you mentioned. I installed it and then tried explorer again but with no improved results. It still will not open. Any other ideas? I appreciate your help. Thank you.
  8. Thanks for your help, sorry to report more problems. I downloaded the current version of Malwarebytes but like before, when I attempt to install it a screen pops up that says extracting files, then it disappears and nothing else happens. I then tried to follow your recommendation and looked for rules.ref here: C:\Documents and Settings\All users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware folder There is not a folder in the all users file named application data, so I searched the c: drive looking for a file called rules.ref but nothing was found. It looks like I am stuck once again. Is there anything else I can try? Thanks!
  9. I did as instructed and received the following error message. Error Code: 703 (0, 453).
  10. Hi Miekiemoes, I was not seeing a code 2 error, the program window would just disappear without any warning. I discovered that I had MBAM.exe on my computer from a previous installation. I double clicked on it but nothing happened. I then re-named it explorer.exe, double clicked and still nothing happened so I then re-named it nickname.exe, double clicked it and once again- no results. Is there anything else I can try? Thanks!
  11. It's been over 48 hours... Can anybody help me out? Thanks!
  12. I have both ComboFix and MBAM on my desktop. I re-named each of them but the results are still the same. When I run ComboFix (now re-named test1.exe) I get this message: 327BBR22FWJFW\n.pif (or some variation of this) The message reads: Windows cannot access the specified device, path or file. You may not have the appropriate permission to access the item. When I try to install MBAM (now re-named explore.exe) I go through the setup process until I get to the screen that says "ready to install". I click install and a progress bar pops up for 1 second and then it just disappears. Any other ideas? Thanks!
  13. Ok, I fixed all the checked items (except the one I mentioned above) re-started the computer, turned off all anti-virus/adware programs and attempted to run ComboFix. I have the same results as before with the same error message. Here is the new scan from HijackThis if it helps... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:53:27 PM, on 10/24/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TangoManager.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MUSICMATCH\Musicmatch 
Jukebox\mim.exe C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\dlcccoms.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: (no name) - {b4f46675-3361-43e3-8447-ea3fd031c1cf} - dezuwabi.dll (file missing) O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - 
C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\FRONTI~1\FRONTI~1\app\TANGOM~1.EXE O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [torigided] Rundll32.exe "c:\windows\system32\nuramayi.dll",a O4 - HKLM\..\Run: [saradamode] Rundll32.exe "korumore.dll",s O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - 
Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Auto run of VideoCam Suite 1.0.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! 
&SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O21 - SSODL: dihevepif - {dc6419dd-c802-4ca1-b5ec-6d3d07619b41} - c:\windows\system32\nuramayi.dll O22 - SharedTaskScheduler: gahurihor - {dc6419dd-c802-4ca1-b5ec-6d3d07619b41} - c:\windows\system32\nuramayi.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems 
Shared\Service\Adobelmsvc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe -- End of file - 10472 bytes
  14. Ok, I am doing as you requested, but I do not see; 021-SSODL: dowanibet....